He has a point... NFR has a good plan, and is one of the big players in the
IDS market (and bashing the "godfather of the firewall" is a really good way
to draw a lot of animosity.. while NFR may not be everyone's favorite,
personal attacks probably wouldn't be wise).
----- Original Message -----
From: "Mark Teicher" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; "Aaron Schultz" <[EMAIL PROTECTED]>;
"Firewalls LIST" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, August 03, 2000 5:15 PM
Subject: Re: Intrusion Detection (NFR SUCKS)
> First of all, launching insults against Marcus is no way to win friends
and
> influence people, especially those have been frequent posters on the
> list. I actually have quite a bit of respect for Mr Marcus Ranum. NFR has
> a lot more potential than a majority of the rudimentary IDS systems
> available today. If it was not Mr. Marcus Ranum, ICSA probably would not
> have developed the criteria for ICSA Firewall certification, etc, etc.
So
> please refrain from posting your opinions to a very large mailing list.
>
> Avoid being slanderous due to the fact, that your post can have character
> and business ramifications..
>
> /m
>
> At 12:23 PM 8/3/00 -0700, Loki wrote:
> >Ok, this is going to cause a lot of flames, but I really don't care.. :)
> >I attended Defcon and Mr. Marcus Ranum made a complete ass out of himself
by
> >insulting close to 75% of his customer base with his choice for
discussion...
> >so I would also not be surprised if their will be an influx of postings
to
> >BUGTRAQ concerning new NFR vulnerabilities aimed exactly for that reason.
> >
> >On a more "unpersonal" note, NFR in my oppinion bites the big one.. That
> >may be
> >a biased opinion due to my heavy involvement and support in the SNORT
IDS..
> >but.. hey.. I did get to play with it and noticed a lot of problems and
issues
> >with it.. that also may be due to the fact it that it was an eval.. oh
well..
> >
> >(worthless rant) I'll call this one my, negative (-).02 cents
> >
> >
> >
> >On Thu, 03 Aug 2000, Aaron Schultz wrote:
> > > I wouldn't promote NFR...
> > >
> > > They can't monitor much bandwidth...(ie: 100+Mbit)
> > > When I asked about monitoring any amount of bandwidth they sent me to
> > > voicemail and I wasn't called back until the sales associate decided
it
> > > was time to check to see if I had received answers to my various
> > > questions. Furthermore, they claim the only way to monitor a decent
> > > amount of bandwidth is to put multiple NFR devices behind a foundry
(or
> > > similar) switch, although they don't have true answers on how the
machines
> > > coordinate their data when used seperately like this.
> > >
> > > NFR also lists only DESKTOP devices (ie: Compaq PCs) on their
literature,
> > > not 1 piece of hardware listed was a decent server platform.
> > >
> > > I never made it to their evaluation of their product - I find their
> > > pre-sales support to be less than adequate. Currently the best
answers
> > > for IDS (IMO) are:
> > > - Internet Security System's products
> > > - Axent's (now Norton's) product line
> > > (both have Windows agents)
> > >
> > > - Aaron Schultz
> > > - [EMAIL PROTECTED]
> > > ------
> > >
> > > On Thu, 3 Aug 2000, Fabio Pietrosanti wrote:
> > >
> > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > Hash: SHA1
> > > >
> > > > Network Flight Recorder, run only on Unix, but it's the BEST and the
most
> > > > difficult to tune in my opinion. It use his N-Code for creating the
> > > > Backend filter.
> > > > look here http://www.nfr.net
> > > >
> > > > Pietrosanti Fabio I.NET SpA, High Quality Access to the
> > Internet
> > > > e-mail: [EMAIL PROTECTED] ( Direzione Tecnica, Gruppo
> > Firewall )
> > > > [EMAIL PROTECTED]
> > > > PGP Key
> > (DSS) http://naif.itapac.net/naif.asc
> > > >
> > > > Home Page URL: http://www.inet.it
> > > > Sede: Via Caldera, 21 20153 Milano
> > > > Tel: 02-409061 Fax: 02-40906303
> > > > --
> > > > Free advertising: www.openbsd.org - Multiplatform Ultra-secure OS
> > > >
> > > >
> > > > On Thu, 3 Aug 2000, Rob Serfozo wrote:
> > > >
> > > > > We are investigating the installation of Intrusion Detection
software.
> > > > > Wondering if the list had any opinions good or bad towards any
> > product. We
> > > > > are hoping to be able to run on a Windows platform. We are
> > currently using
> > > > > a PIX firewall.
> > > > >
> > > > > Thanks,
> > > > > Rob Serfozo
> > > > >
> > > > > -
> > > > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > > > "unsubscribe firewalls" in the body of the message.]
> > > > >
> > > > >
> > > > -----BEGIN PGP SIGNATURE-----
> > > > Version: GnuPG v1.0.1 (GNU/Linux)
> > > > Comment: For info see http://www.gnupg.org
> > > > Filter: gpg4pine 4.1 (http://azzie.robotics.net)
> > > >
> > > > iD8DBQE5iZc8dK5I1NnlcMYRArVIAJwLOjB3xWV8dJL8HcC2GN7JnvWBBwCgnN2v
> > > > f/8+3RNhPbhLeFLQ7/hRqzY=
> > > > =eoJG
> > > > -----END PGP SIGNATURE-----
> > > >
> > > > -
> > > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > > "unsubscribe firewalls" in the body of the message.]
> > > >
> > >
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> >--
> >----------------------------------------------------------------------
> >Loki [LoA]
> >[EMAIL PROTECTED]
> >----------------------------------------------------------------------
> >PGP Key fingerprint = 67 1D 12 BE 61 D6 63 B2 6A 8C F8 A1 80 88 1B 4
> >[[EMAIL PROTECTED]]# ./crack /etc/passwd > passwd.cr
> >[[EMAIL PROTECTED]]# su - root
> >[[EMAIL PROTECTED]]#
> >----------------------------------------------------------------------
> >-
> >[To unsubscribe, send mail to [EMAIL PROTECTED] with
> >"unsubscribe firewalls" in the body of the message.]
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
